Provides SMTP credentials for an existing SES domain identity.
SMTP usernames and passwords for SES require creating an IAM user and access key. This module will create a Secrets Manager secret and populate it with rotating SMTP credentials from a dedicated IAM user.
Example:
module "ses_smtp" {
source = "github.com/thoughtbot/terraform-aws-ses-smtp-credentials?ref=v0.2.0"
# The domain corresponding to your domain identity
domain = "example.com"
# The name of the secret to create
name = "example-production-smtp"
# Fill in details for your VPC
subnet_ids = data.aws_subnet.private.*.id
vpc_id = data.aws_vpc.this.id
}
The outputs include policy_json
, which is an IAM policy allowing access to the
secret. You can add this to an IAM role or policy.
Name | Version |
---|---|
terraform | >= 0.14.0 |
aws | ~> 5.0 |
Name | Version |
---|---|
aws | ~> 5.0 |
Name | Source | Version |
---|---|---|
rotation | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.8.0 |
secret | github.com/thoughtbot/terraform-aws-secrets//secret | v0.8.0 |
Name | Type |
---|---|
aws_iam_policy.access_keys | resource |
aws_iam_policy.send_mail | resource |
aws_iam_role_policy_attachment.access_keys | resource |
aws_iam_user.mail | resource |
aws_iam_user_policy_attachment.send_mail | resource |
aws_security_group.function | resource |
aws_security_group_rule.function_egress | resource |
aws_caller_identity.this | data source |
aws_iam_policy_document.access_keys | data source |
aws_iam_policy_document.send_mail | data source |
aws_region.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_principals | Principals allowed to peform admin actions (default: current account) | list(string) |
null |
no |
domain | The domain from which emails are sent | string |
n/a | yes |
identity_account_id | ID of account that is authorized to send emails (default: current account) | string |
null |
no |
name | Name for created resources | string |
n/a | yes |
read_principals | Principals allowed to read the secret (default: current account) | list(string) |
null |
no |
subnet_ids | Subnets in which the rotation function should run | list(string) |
[] |
no |
tags | Tags which should be applied to created resources | map(string) |
{} |
no |
trust_tags | Tags required on principals accessing the secret | map(string) |
{} |
no |
vpc_id | VPC in which the rotation function should run | string |
null |
no |
Name | Description |
---|---|
policy_json | Required IAM policies |
secret_arn | ARN of the secrets manager secret containing credentials |
secret_name | Name of the secrets manager secret containing credentials |
smtp_user_name | IAM user name of the SMTP user |